[pkg-horde] [SCM] Debian Horde Packages repository: horde3 package branch, debian-lenny, updated. 244771356d5ee1a12d926ce1791a7ab4a870ca3b
Gregory Colpart
reg at debian.org
Wed Nov 3 22:53:16 UTC 2010
The following commit has been merged in the debian-lenny branch:
commit 244771356d5ee1a12d926ce1791a7ab4a870ca3b
Author: Gregory Colpart <reg at debian.org>
Date: Wed Nov 3 23:39:10 2010 +0100
Backport fix from 3.3.10 (thanks to yunosh on IRC). Fix changelog.
diff --git a/debian/changelog b/debian/changelog
index 6c58d63..cf42579 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,12 @@
horde3 (3.2.2+debian0-2+lenny3) stable-security; urgency=high
* Fix typo in patch for CVE-2009-3236.
- * Fix CVE-2010-3077 and CVE-2010-3694 (Closes: #598582)
+ * Backport security patches from 3.3.9 and 3.3.10 to fix CVE-2010-3077
+ and CVE-2010-3694 (Closes: #598582)
* Fix annoying bug in cache sql driver (Closes: #566610)
* Fix annoying bug in address validation (Closes: #562965)
- -- Gregory Colpart <reg at debian.org> Sun, 31 Oct 2010 19:16:38 +0100
+ -- Gregory Colpart <reg at debian.org> Wed, 03 Nov 2010 23:44:38 +0100
horde3 (3.2.2+debian0-2+lenny2) stable-security; urgency=high
diff --git a/services/portal/syncml.php b/services/portal/syncml.php
index eacf99e..f35492f 100644
--- a/services/portal/syncml.php
+++ b/services/portal/syncml.php
@@ -66,7 +66,7 @@ if (!is_a($result, 'PEAR_Error')) {
}
$app = 'horde';
$chunk = Util::nonInputVar('chunk');
-Prefs_UI::generateHeader('syncml', $chunk);
+Prefs_UI::generateHeader(null, $chunk);
require HORDE_TEMPLATES . '/syncml/syncml.inc';
if (!$chunk) {
diff --git a/services/prefs.php b/services/prefs.php
index b87dcd4..1d35c09 100644
--- a/services/prefs.php
+++ b/services/prefs.php
@@ -83,11 +83,15 @@ if ($group == 'identities') {
}
}
- $result = Horde::checkRequestToken('horde.prefs', Util::getFormData('horde_prefs_token'));
+ $actionID = Util::getFormData('actionID');
+ $result = $actionID
+ ? Horde::checkRequestToken('horde.prefs', Util::getFormData('horde_prefs_token'))
+ : true;
+
if (is_a($result, 'PEAR_Error')) {
$notification->push($result, 'horde.error');
} else {
- switch (Util::getFormData('actionID')) {
+ switch ($actionID) {
case 'update_prefs':
$from_addresses = $identity->getAll('from_addr');
$current_from = $identity->getValue('from_addr');
diff --git a/templates/prefs/begin.inc b/templates/prefs/begin.inc
index b084651..bf50b0b 100644
--- a/templates/prefs/begin.inc
+++ b/templates/prefs/begin.inc
@@ -1,6 +1,6 @@
<form method="post" id="prefs" name="prefs" action="<?php echo Horde::selfUrl() ?>">
<?php Util::pformInput() ?>
-<input type="hidden" name="horde_prefs_token" value="<? echo Horde::getRequestToken('horde_prefs') ?>" />
+<input type="hidden" name="horde_prefs_token" value="<?php echo Horde::getRequestToken('horde_prefs') ?>" />
<input type="hidden" name="actionID" value="update_prefs" />
<input type="hidden" name="group" value="<?php echo htmlspecialchars($group) ?>" />
<input type="hidden" id="prefs_app" name="app" value="<?php echo htmlspecialchars($app) ?>" />
diff --git a/templates/prefs/deleteidentity.inc b/templates/prefs/deleteidentity.inc
index 5d0f198..c473fab 100644
--- a/templates/prefs/deleteidentity.inc
+++ b/templates/prefs/deleteidentity.inc
@@ -6,7 +6,7 @@ function deleteIdentity()
var index = document.prefs.identity.selectedIndex;
var id = document.prefs.identity.options[index].value;
if (id >= 0) {
- document.location.href = "<?php echo str_replace('&', '&', Util::addParameter(Horde::selfUrl(true), array('actionID' => 'delete_identity', 'id' => ''))) ?>" + id;
+ document.location.href = "<?php echo str_replace('&', '&', Util::addParameter(Util::removeParameter(Horde::selfUrl(true), 'id'), array('actionID' => 'delete_identity', 'horde_prefs_token' => Horde::getRequestToken('horde.prefs'), 'id' => ''))) ?>" + id;
}
}
//-->
diff --git a/templates/syncml/syncml.inc b/templates/syncml/syncml.inc
index bd027c9..c0e8145 100644
--- a/templates/syncml/syncml.inc
+++ b/templates/syncml/syncml.inc
@@ -1,3 +1,11 @@
+<div class="header">
+ <?php Prefs_UI::generateNavigationCell('syncml') ?>
+ <?php echo htmlspecialchars($prefGroups['syncml']['label']) ?>
+ <br class="clear" />
+</div>
+
+<div class="prefsContainer item">
+
<div class="smallheader">
<?php echo _("Timestamps of successful synchronization sessions") ?>
</div>
@@ -22,7 +30,11 @@ foreach ($devices as $device => $anchors) {
<td><?php echo strftime($prefs->getValue('date_format') . ' %H:%M', $anchor['syncml_serveranchor']) ?></td>
<td><?php echo htmlspecialchars($anchor['syncml_clientanchor']) ?></td>
<td>
- <form method="post">
+ <form method="post" action="<?php echo Horde::selfUrl() ?>">
+ <?php Util::pformInput() ?>
+ <input type="hidden" name="horde_prefs_token" value="<? echo Horde::getRequestToken('horde_prefs') ?>" />
+ <input type="hidden" name="group" value="syncml" />
+ <input type="hidden" name="app" value="horde" />
<input type="hidden" name="deviceid" value="<?php echo htmlspecialchars($device) ?>"/>
<input type="hidden" name="actionID" value="deleteanchor" />
<input type="hidden" name="db" value="<?php echo htmlspecialchars($anchor['syncml_db']) ?>" />
@@ -33,11 +45,16 @@ foreach ($devices as $device => $anchors) {
<?php } } ?>
</table>
<?php endif; ?>
+<form method="post" action="<?php echo Horde::selfUrl() ?>">
<p>
+ <?php Util::pformInput() ?>
+ <input type="hidden" name="horde_prefs_token" value="<? echo Horde::getRequestToken('horde_prefs') ?>" />
+ <input type="hidden" name="group" value="syncml" />
+ <input type="hidden" name="app" value="horde" />
<input type="hidden" name="actionID" value="deleteall" />
<input type="submit" class="button" value="<?php echo _("Delete All SyncML Data") ?>" />
<input id="prefs_return" type="button" class="button" onclick="cancelSubmit=true;document.location.href='<?php echo Horde::applicationUrl(Util::addParameter('services/prefs.php', 'app', 'horde'), true) ?>'" value="<?php echo _("Return to Options") ?>" />
</p>
+</form>
</div>
-</form>
--
Debian Horde Packages repository: horde3 package
More information about the pkg-horde-hackers
mailing list